Tue Feb 23 19:31:59 UTC 2016patches/packages/bind-9.9.8_P3-x86_64-1_slack14.1.txz: Upgraded. This release fixes two possible denial-of-service issues: render_ecs errors were mishandled when printing out a OPT record resulting in a assertion failure. (CVE-2015-8705) [RT #41397] Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705 (* Security fix *)patches/packages/glibc-2.17-x86_64-11_slack14.1.txz: Rebuilt. This update provides a patch to fix the stack-based buffer overflow in libresolv that could allow specially crafted DNS responses to seize control of execution flow in the DNS client (CVE-2015-7547). However, due to a patch applied to Slackware's glibc back in 2009 (don't use the gethostbyname4() lookup method as it was causing some cheap routers to misbehave), we were not vulnerable to that issue. Nevertheless it seems prudent to patch the overflows anyway even if we're not currently using the code in question. Thanks to mancha for the backported patch. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547 (* Security fix *)patches/packages/glibc-i18n-2.17-x86_64-11_slack14.1.txz: Rebuilt.patches/packages/glibc-profile-2.17-x86_64-11_slack14.1.txz: Rebuilt.patches/packages/glibc-solibs-2.17-x86_64-11_slack14.1.txz: Rebuilt.patches/packages/libgcrypt-1.5.5-x86_64-1_slack14.1.txz: Upgraded. Mitigate chosen cipher text attacks on ECDH with Weierstrass curves. Use ciphertext blinding for Elgamal decryption. For more information, see: http://www.cs.tau.ac.IL/~tromer/ecdh/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7511 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3591 (* Security fix *)patches/packages/ntp-4.2.8p6-x86_64-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158 (* Security fix *)+--------------------------+

The long development cycle (the Linux community has lately been living in"interesting times", as they say) is finally behind us, and we're proud toannounce the release of Slackware 14.2. The new release brings many updatesand modern tools, has switched from udev to eudev (no systemd), and addswell over a hundred new packages to the system. Thanks to the team, theupstream developers, the dedicated Slackware community, and everyone elsewho pitched in to help make this release a reality.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackwareproject by picking up a copy from store.slackware.com. We're takingpre-orders now, and offer a discount if you sign up for a subscription.